[SECURITY] New security advisory for CVE-2018-11788 released for Apache Karaf

A new security advisory has been released for Apache Karaf, that is fixed in recent 4.1.7 and 4.2.2 releases. CVS-2018-11788: XXE vulnerability found on Apache Karaf Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: all versions of Apache Karaf prior to 4.1.7, 4.2.2.

Re: OpenJPA 3 and Karaf 4.2

Hi Matteo, We did test and fixes in OpenJPA 3. So, it should work. AFAIR, openjpa feature is commented in the example because it failed in the tests on Jenkins. Let me try on the Karaf provided example. Regards JB On 05/01/2019 22:42, Matteo Rulli wrote: > I tried to put together a project

OpenJPA 3 and Karaf 4.2

I tried to put together a project (here : https://github.com/mrulli/myjpaservice) to test how OpenJPA 3 and Karaf 4.2.x play together but I get the following error: javax.naming.NoInitialContextException: Need to specify class name in environment or